IntruGuard claims next-gen rate-based intrusion prevention

IntruGuard Devices announced their second-generation Intrusion Gateway appliance, the IG2200. The new design expands the performance, accuracy, and ease of use of security devices dedicated to stopping rate- and anomaly-based attacks, including all forms of denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks, DNS server floods, and protocol anomaly intrusions. With the newly implemented architecture, the company claims that total active connections and new connections per second have been increased by 50 percent; that recent and accelerating network floods due to DNS server based attacks are prevented; and that added redundancy further ensures deployment in critical infrastructure locations, including in front of access routers and firewalls. The new platform maintains true bi-directional gigabit-per-second throughput regardless of malicious traffic levels.

This latest model improves the user's ability to prevent DoS and DDoS attacks with unrelenting accuracy. Such attacks are becoming increasingly prevalent. While the 2005 CSI/FBI Computer Crime and Security Survey reveals DoS/DDoS attacks as the number one non-theft related form of misuse observed, a new form of threat is emerging. DDoS attacks are now being launched through Domain Name System (DNS) servers, particularly those supporting recursion; the CERT Coordination Center survey reports that 80% of DNS servers are configured for this method of operation. Over 1500 recent attacks this year, spanning a period of just weeks, that temporarily shut down commercial web sites and some Internet service providers have been traced to this form of assault.

The IG2200 provides a patent-pending algorithm to identify such floods and block them within one second, just as with all other previous flood attacks. This Intrusion Gateway device provides stateful DNS session control and a DNS caching mechanism to ensure these attacks are prevented without affecting legitimate traffic throughput. The appliance can block over ten types of DNS floods and prevent over fifteen DNS header anomalies as well as DNS state anomalies, all at line rate. The IG2200 proactively and automatically identifies and stops this latest hacker technique. As with all functions of IntruGuard's Intrusion Gateways, the device self-learns traffic flows and requires no user intervention beyond initial setup. The blocking of intrusions is fully automated, and to ensure accuracy, traffic flows are reevaluated every five minutes to update the thresholds used to identify malicious flows. Without this Intrusion Gateway, IT administrators are required to manually trace down attacks and block individual flooding sources, which takes hours or days.

"By implementing stateful Layer 7 DNS flood prevention through high-performance and rapid-response hardware logic, IntruGuard has created new solutions for data centers," according to Hemant Jain, CTO of IntruGuard. "Critical DNS infrastructures can now be protected through these appliances without manual intervention. With a built-in high performance DNS cache, the DNS servers will be spared from responding to every query during floods. The ability to catch spoofed or real DNS flooding sources within one second during floods will spare many hours of network administrator’s analysis time."

The new architecture provides for new heights in performance and accuracy. Total TCP connections through the IG2200 can exceed 1.5 million, with new TCP connections per second exceeding 150,000. Latency is held under 50 microseconds even when under full attack. Accuracy improves with an increase in the number of Layer 2 through 7 parameters monitored; over three million threshold values are now evaluated to further pinpoint flood traffic.

This latest design uses a more space-efficient chassis. The 2U-high appliance has a smaller width and depth footprint, yet multiple redundant components are now available for high availability. The IG2200 has dual disk drives with RAID 0 mirroring to ensure near instantaneous failover to a backup drive if the primary disk malfunctions. Dual redundant power supplies provide additional peace of mind.

Several previously announced optional features, including port, network and dark address scan blocking, and anti-spoofing techniques, are available on the IG2200. These latest IntruGuard security advancements will give further confidence to IT administrators to deploy rate-based intrusion prevention (RBIPS) systems to stop multiple forms of attack, including DoS/DDoS and now DNS floods.

This next-generation RBIPS system from IntruGuard Devices, Inc. will be available for field trials in June, with production release in mid-Q3’06. Pricing for the dual gigabit Ethernet with a copper interface starts at $24,995. Fiber interconnect will be released the following quarter.